Privacy Act of 1974; System of Records

AGENCY:

National Transportation Safety Board (NTSB).

ACTION:

Notice of new system of records.

SUMMARY:

The National Transportation Safety Board (NTSB) proposes adding a new system of records to its inventory of system of records: Data Analytics Records. Subject to the Privacy Act of 1974, the agency proposes this new system for individually identifying information gathered or created from existing systems of records maintained by the NTSB, other NTSB records, and other governmental sources supporting NTSB operations. The new system will be used, primarily through data analytics techniques, to improve processes by enhancing data-driven decision-making, analyzing mission costs, managing resources, and otherwise assisting the NTSB in the performance of its statutory and regulatory duties, or in participating in Federal agency audits or other studies.

DATES:

This system is effective on June 22, 2023, with the exception of the routine uses which will be effective on July 24, 2023. Submit written comments by July 24, 2023.

ADDRESSES:

You may send comments, identified by Docket Number (No.) NTSB–2023–0004, by any of the following methods:

• Federal e-Rulemaking Portal: https://www.regulations.gov.

• Email: rulemaking@ntsb.gov.

• Fax: 202–314–6090.

• Mail/Hand Delivery/Courier: NTSB, Office of General Counsel, 490 L'Enfant Plaza East SW, Washington, DC 20594.

Instructions: All submissions in response to this Notice must include Docket No. NTSB–2023–0004. All comments, including any personal information, received will be posted without change to https://www.regulations.gov.

Docket: For access to the docket, including comments received, go to https://www.regulations.gov and search under Docket No. NTSB–2023–0004.

FOR FURTHER INFORMATION CONTACT:

Casey Blaine, Deputy General Counsel, (202) 314–6036, rulemaking@ntsb.gov.

SUPPLEMENTARY INFORMATION:

Under the Foundations for Evidence-Based Policymaking Act of 2018 and related guidance from the Office of Management and Budget (OMB), including OMB M–21–27, OMB M–19–23, OMB M–20–12, and OMB Circular A–11, the NTSB proposes adding a new system of records to its inventory of system of records titled, “Data Analytics Records.” The agency proposes this new system for information from existing and future business data sources regarding prospective, current, and former NTSB employees to allow the agency to evaluate the data and reach decisions pertinent and necessary to effectively achieve mission, strategic, and operational outcomes using high-quality evidence.

SYSTEM NAME AND NUMBER:

NTSB Data Analytics Records, NTSB–36.

SECURITY CLASSIFICATION:

Controlled Unclassified Information (CUI).

SYSTEM LOCATION:

Records are located in the NTSB's cloud system, managed by Microsoft, which is a Federal Risk and Authorization Management Program (FEDRAMP) product. The Microsoft System is hosted in the Microsoft AZURE Government Cloud, a Software as a Service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) product. The NTSB's Azure system is a collection of NTSB custom-built applications, commercial off-the-shelf systems (COTS) and internal databases used by the NTSB to manage enterprise business processes.

SYSTEM MANAGER:

Office of the Chief Information Officer, National Transportation Safety Board, 490 L'Enfant Plaza East SW, Washington, DC 20594.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Foundations for Evidence-Based Policymaking Act of 2018, Public Law 115–435, 132 Stat. 5529 (2019); Federal Data Strategy (OMB, Memorandum 19–18, 19–23); 5 U.S.C. 301; 44 U.S.C. 3101.

PURPOSE(S) OF THE SYSTEM:

This system of records will permit the NTSB to engage in evidence-based decision-making by integrating data from multiple sources and will contain information regarding prospective, current, and former NTSB employees, including but not limited to, time and attendance records, payroll records, performance and performance awards records, telework agreements, travel records and travel card data, purchase card records, training records, human resources records, cost accounting records, portfolio and project management records, and investigative case management records. The new system will be used, primarily through data analytics techniques, to improve agency processes, identify operational costs, manage resources, and otherwise assist the NTSB in the performance of its statutory and regulatory duties, or while participating or responding to requests during federal agency audits or other studies or inquiries. Further, this system will permit the NTSB to increase its effectiveness and efficiency in conducting its operations by merging data across various components into a centralized system.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Prospective, current, and former NTSB employees.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system contains materials regarding prospective, current, and former NTSB employees received, gathered, or created in connection with agency operations. Categories of records may include: name, title, pay series or grade, duty station, and NTSB office of prospective, current, and former NTSB employees; employee time and attendance records; employee payroll information; employee performance records and performance awards; employee telework records; employee travel records and travel card data; purchase card records; employee training records; human resources records; internal surveys; cost accounting records; portfolio and project management records; and NTSB investigative case management records.

RECORD SOURCE CATEGORIES:

Existing sources of data, including but not limited to, time and attendance records, payroll records, performance award records, telework agreements, travel records and travel card data, purchase card records, training records, human resources records, employee surveys, cost accounting records, portfolio and project management records, and investigative case management records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USES AND THE PURPOSES OF SUCH USES:

In addition to the disclosures permitted under subsection (b) of the Privacy Act, the NTSB may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

1. Disclosure to the Office of Personnel Management for personnel research purposes; as a data source for management information; for the production of summary descriptive statistics and analytical studies in support of the function for which the records are collected and maintained; or for related workforce studies;

2. Disclosure to the Office of Personnel Management, Department of Labor, Merit Systems Protection Board, Office of the Special Counsel, Equal Employment Opportunity Commission, the Federal Labor Relations Authority (including the General Counsel of the Authority and the Federal Service Impasses Panel), the Federal Mediation and Conciliation Service, the Office of Government Ethics, and to an arbitrator, when that agency or office is properly engaged in investigation or settlement of an administrative grievance, complaint, claim, or appeal filed by an employee or former employee, or to obtain advice regarding statutory, regulatory, policy, or other requirements, but only to the extent that the information is relevant and necessary to the proceeding, in carrying out their functions;

3. Disclosure to other Federal agencies that need the information for an audit or investigation of a civil, criminal, or regulatory violation or potential violation where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law;

4. Where a contract between an NTSB office and a labor organization recognized under Executive Order No. 11,491 or 5 U.S.C. Chapter 71 provides that the agency will disclose personal records relevant to the organization's mission, the NTSB may disclose records in this system of records to such organizations;

5. Information may be disclosed to the National Archives and Records Administration (NARA) or General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906;

6. Disclosure to a private entity with which the NTSB maintains a contractual relationship for the purposes of collating, analyzing, aggregating, or otherwise refining records in this system, where the private entity is subject to a non-disclosure agreement and understands that it must honor Privacy Act safeguards with respect to such records;

7. In the event of litigation where the defendant is (a) the NTSB, any component of the NTSB, or any employee of the NTSB in his or her official capacity; (b) the United States, where the NTSB determines that the claim, if successful, is likely to directly affect the operations of the NTSB or any of its components; or (c) any NTSB employee in his or her individual capacity where the Department of Justice has agreed to represent such employee, the NTSB may disclose such records as it deems relevant and necessary to the Department of Justice or NTSB's outside counsel to enable the NTSB to present an effective defense, provided such disclosure is compatible with the purpose for which the records were collected;

8. Information may be disclosed to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the written request of the individual about whom the record is maintained. The NTSB will not make such a disclosure until the congressional office has furnished appropriate documentation of the individual's request, such as a copy of the individual's written request;

9. To the Office of Government Information Services (OGIS), NARA to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h) to review administrative policies, procedures, and compliance with the FOIA, and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies;

10. To appropriate agencies, entities, and persons when (1) the NTSB suspects or has confirmed that there has been a breach of the system of records, (2) the NTSB has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the NTSB (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the NTSB's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm;

11. To another Federal agency or Federal entity, when the NTSB determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The NTSB maintains the records in this system electronically in its enterprise databases. Data from disparate data sources will be brought into a secured and governed, cloud-based enterprise data analytics infrastructure to support data analysis.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

These records may be retrieved by employee identification number, title, or other personal identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Data Analytics Records are maintained as described in the applicable agency records schedules being developed and subject to NARA approval.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The NTSB maintains electronic records within this system, which are stored on protected computer networks that are accessible by authorized users with Personal Identity Verification (PIV) cards and/or secure passwords. This system conforms to all applicable Federal laws and regulations, as well as NTSB policies and standards, as they relate to information security and data privacy. In this regard, the following laws and regulations may apply: the Privacy Act of 1974; the Federal Information Security Modernization Act of 2014; the Computer Fraud and Abuse Act of 1986; the E-Government Act of 2002; and corresponding regulations implementing these statutes.

RECORD ACCESS PROCEDURE:

Same as “Notification Procedure.”

CONTESTING RECORD PROCEDURE:

Same as “Notification Procedure.”

NOTIFICATION PROCEDURES:

Individuals wishing to inquire about whether this system of records contains information about them may contact the Chief, Records Management Division, National Transportation Safety Board, 490 L'Enfant Plaza East SW, Washington, DC 20594.

Individuals must comply with NTSB regulations regarding the Privacy Act, at 49 CFR part 802, and must furnish the following information for their records to be located and identified:

1. Full name(s);

2. Dates of employment, NTSB service, or application; and

3. Signature.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

History:

None.